blob_storage_controller.cc assert from this bug was caused by the fact that worker thread actually run in a different renderer process from the main page JS thread. chrome.fileBrowserPrivate.* methods grant access to files through ChildProcessSecurityPolicy class, but such file permissions would end up associated with renderer process of the main thread only. When worker tries to register blobs representing such files, ChildProcessSecurityPolicy check would reject it since its client process id has nothing to do with main renderer's id.

This CL adds mapping between worker and main renderer processes and uses that to ensure that worker thread renderer process file permissions are "inherited" from its main JS thread renderer child process.

BUG=chromium-os:14680
TEST=added extra tests to ChildProcessSecurityPolicyTest.FilePermissions
Review URL: http://codereview.chromium.org/6893145

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@83754 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 37 insertions, 11 deletions

diff --git a/content/browser/child_process_security_policy.cc b/content/browser/child_process_security_policy.cc
index cda7a06..eac07c4 100644
--- a/content/browser/child_process_security_policy.cc
+++ b/content/browser/child_process_security_policy.cc
@@ -157,12 +157,14 @@ ChildProcessSecurityPolicy* ChildProcessSecurityPolicy::GetInstance() {
 
 void ChildProcessSecurityPolicy::Add(int child_id) {
   base::AutoLock lock(lock_);
-  if (security_state_.count(child_id) != 0) {
-    NOTREACHED() << "Add child process at most once.";
-    return;
-  }
+  AddChild(child_id);
+}
 
-  security_state_[child_id] = new SecurityState();
+void ChildProcessSecurityPolicy::AddWorker(int child_id,
+                                           int main_render_process_id) {
+  base::AutoLock lock(lock_);
+  AddChild(child_id);
+  worker_map_[child_id] = main_render_process_id;
 }
 
 void ChildProcessSecurityPolicy::Remove(int child_id) {
@@ -172,6 +174,7 @@ void ChildProcessSecurityPolicy::Remove(int child_id) {
 
   delete security_state_[child_id];
   security_state_.erase(child_id);
+  worker_map_.erase(child_id);
 }
 
 void ChildProcessSecurityPolicy::RegisterWebSafeScheme(
@@ -405,12 +408,18 @@ bool ChildProcessSecurityPolicy::CanReadDirectory(int child_id,
 bool ChildProcessSecurityPolicy::HasPermissionsForFile(
     int child_id, const FilePath& file, int permissions) {
   base::AutoLock lock(lock_);
-
-  SecurityStateMap::iterator state = security_state_.find(child_id);
-  if (state == security_state_.end())
-    return false;
-
-  return state->second->HasPermissionsForFile(file, permissions);
+  bool result = ChildProcessHasPermissionsForFile(child_id, file, permissions);
+  if (!result) {
+    // If this is a worker thread that has no access to a given file,
+    // let's check that its renderer process has access to that file instead.
+    WorkerToMainProcessMap::iterator iter = worker_map_.find(child_id);
+    if (iter != worker_map_.end() && iter->second != 0) {
+      result = ChildProcessHasPermissionsForFile(iter->second,
+                                                 file,
+                                                 permissions);
+    }
+  }
+  return result;
 }
 
 bool ChildProcessSecurityPolicy::HasWebUIBindings(int child_id) {
@@ -442,3 +451,20 @@ bool ChildProcessSecurityPolicy::CanReadRawCookies(int child_id) {
 
   return state->second->can_read_raw_cookies();
 }
+
+void ChildProcessSecurityPolicy::AddChild(int child_id) {
+  if (security_state_.count(child_id) != 0) {
+    NOTREACHED() << "Add child process at most once.";
+    return;
+  }
+
+  security_state_[child_id] = new SecurityState();
+}
+
+bool ChildProcessSecurityPolicy::ChildProcessHasPermissionsForFile(
+    int child_id, const FilePath& file, int permissions) {
+  SecurityStateMap::iterator state = security_state_.find(child_id);
+  if (state == security_state_.end())
+    return false;
+  return state->second->HasPermissionsForFile(file, permissions);
+}